The government is planning to introduce tough new cyber security and compliance measures to better protect the millions of smart internet of things (IoT) devices already online around the UK – and the millions more yet to come – as part of its ongoing, five-year, £1.9bn security initiative.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

The Security by Design review has been developed with support from device manufacturers, retailers and the National Cyber Security Centre (NCSC) to address the huge number of gaping security holes in many smart IoT devices, such as TVs, toys and speakers.

The government claimed that, averaged out, every household in the UK now owns at least 10 internet-connected devices, and most will add at least five more in the next couple of years. This suggests there could be more than 420 million potential sources of attack in UK homes by 2020.

Badly-secured IoT devices have already been implicated in a number of high-profile cyber security events that compromised consumer data. In early 2017, for example, more than 800,000 owners of a connected teddy bear had their data exposed because of a poorly secured MongoDB database, while hundreds of thousands of other devices are still being co-opted into damaging IoT botnets.

In the light of these challenges, the government’s review has set out plans to embed security in the design process rather than bolting it on later, and hopes to establish a new code of practice to improve the security of consumer IoT devices and services, while still leaving enough wiggle room for innovative use cases.

“We want everyone to benefit from the huge potential of internet-connected devices and it is important that they are safe and have a positive impact on people’s lives,” said Margot James, minister for digital and the creative industries. “We have worked alongside industry to develop a tough new set of rules so that strong security measures are built into everyday technology from the moment it is developed.

“This will help to ensure we have the right rules and frameworks in place to protect individuals and that the UK continues to be a world-leading, innovation-friendly digital economy.”

The new rules will help ensure all passwords on new devices are unique and not resettable to a factory default; that devices have a vulnerability policy and a public point of contact so that issues can be reported and acted on quickly; that any sensitive data transmitted over apps or devices is encrypted; that software is automatically updated and there is guidance on this for users; that consumers can easily delete personal data on devices; and that installation and maintenance of devices is made easier.

The government’s review also proposes the development of a product-labelling scheme to make buyers aware of a product’s security features at the point of purchase. The Department for Digital, Culture, Media and Sport (DCMS) said it would work closely with retailers and consumer rights bodies to provide advice and support in this regard.

“The NCSC is committed to ensuring the UK has the best security it can, and stop people being expected to make impossible safety judgements with no useful information,” said NCSC technical director Ian Levy.

“We are pleased to have worked with DCMS on this vital review, and hope its legacy will be a government ‘kitemark’ clearly explaining the security promises and effective lifespan of products.

“Shoppers should be given high-quality information to make choices at the counter. We manage it with the fat content of food and this is the start of doing the same for the cyber security of technology products.”

“With connected devices becoming increasingly popular, it is vital that consumers are not exposed to the risk of cyber attacks through products that are left vulnerable through manufacturers’ poor design and production,” he said.

“Companies must ensure that the safety of their customers is the absolute priority when ‘smart’ products are designed. If strong security standards are not already in place when these products hit the shelves, then they should not be sold.”

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy